1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 |
|
11 |
|
12 |
|
13 |
|
14 |
|
15 |
|
16 |
|
17 |
|
18 | 'use strict';
|
19 |
|
20 |
|
21 |
|
22 | const { Mintable } = require('node-sec-patterns');
|
23 | const { SqlFragment } = require('./fragment.js');
|
24 | const { SqlId } = require('./id.js');
|
25 |
|
26 | const isSqlId = Mintable.verifierFor(SqlId);
|
27 | const isSqlFragment = Mintable.verifierFor(SqlFragment);
|
28 |
|
29 | const iteratorSymbol = Symbol.iterator;
|
30 | const { isArray } = Array;
|
31 | const { apply } = Reflect;
|
32 | const { toString: bufferProtoToString } = Buffer.prototype;
|
33 | const { isBuffer } = Buffer;
|
34 |
|
35 | const CHARS_GLOBAL_REGEXP = /[\0\b\t\n\r\x1a"'\\$]/g;
|
36 | const TZ_REGEXP = /([+\-\s])(\d\d):?(\d\d)?/;
|
37 |
|
38 | function isSeries(val) {
|
39 |
|
40 |
|
41 |
|
42 |
|
43 |
|
44 | return val && typeof val !== 'string' && (isArray(val) || typeof val[iteratorSymbol] === 'function');
|
45 | }
|
46 |
|
47 | function pad(val, template) {
|
48 | const str = `${ val >>> 0 }`;
|
49 | return `${ template.substring(str.length) }${ str }`;
|
50 | }
|
51 |
|
52 | function convertTimezone(tz) {
|
53 | if (tz === 'Z') {
|
54 | return 0;
|
55 | }
|
56 |
|
57 | const m = TZ_REGEXP.exec(tz);
|
58 | if (m) {
|
59 |
|
60 | return (m[1] === '-' ? -1 : 1) * (parseInt(m[2], 10) + ((m[3] ? parseInt(m[3], 10) : 0) / 60)) * 60;
|
61 | }
|
62 | return false;
|
63 | }
|
64 |
|
65 | function escapeSeries(series, escapeOne, nests) {
|
66 | let sql = '';
|
67 |
|
68 | if (isArray(series)) {
|
69 | for (let i = 0, len = series.length; i < len; ++i) {
|
70 | const val = series[i];
|
71 | if (nests && isSeries(val)) {
|
72 | sql += `${ (i ? ', (' : '(') }${ escapeSeries(val, escapeOne, true) })`;
|
73 | } else {
|
74 | sql += `${ (i ? ', ' : '') }${ escapeOne(val) }`;
|
75 | }
|
76 | }
|
77 | } else {
|
78 | let wrote = false;
|
79 | for (const val of series) {
|
80 | if (nests && isSeries(val)) {
|
81 | sql += `${ (wrote ? ', (' : '(') }${ escapeSeries(val, escapeOne, true) })`;
|
82 | } else {
|
83 | sql += `${ (wrote ? ', ' : '') }${ escapeOne(val) }`;
|
84 | }
|
85 | wrote = true;
|
86 | }
|
87 | }
|
88 |
|
89 | return sql;
|
90 | }
|
91 |
|
92 | function bufferToString(buffer) {
|
93 | return `X'${ apply(bufferProtoToString, buffer, [ 'hex' ]) }'`;
|
94 | }
|
95 |
|
96 |
|
97 | function makeEscaper(escapeId, escapeString) {
|
98 |
|
99 | function formatDate(year, month, day, hour, minute, second, millis) {
|
100 |
|
101 | return escapeString(`${ pad(year, '0000') }-${ pad(month, '00') }-${ pad(day, '00') } ${ pad(hour, '00')
|
102 | }:${ pad(minute, '00') }:${ pad(second, '00') }.${ pad(millis, '000') }`);
|
103 | }
|
104 |
|
105 | function dateToString(date, timeZone) {
|
106 | const dt = new Date(date);
|
107 |
|
108 | if (isNaN(dt.getTime())) {
|
109 | return 'NULL';
|
110 | }
|
111 |
|
112 | if (timeZone === 'local') {
|
113 | return formatDate(
|
114 | dt.getFullYear(),
|
115 | dt.getMonth() + 1,
|
116 | dt.getDate(),
|
117 | dt.getHours(),
|
118 | dt.getMinutes(),
|
119 | dt.getSeconds(),
|
120 | dt.getMilliseconds());
|
121 | }
|
122 |
|
123 | const tz = convertTimezone(timeZone);
|
124 |
|
125 | if (tz !== false && tz !== 0) {
|
126 |
|
127 | dt.setTime(dt.getTime() + (tz * 60000));
|
128 | }
|
129 |
|
130 | return formatDate(
|
131 | dt.getUTCFullYear(),
|
132 | dt.getUTCMonth() + 1,
|
133 | dt.getUTCDate(),
|
134 | dt.getUTCHours(),
|
135 | dt.getUTCMinutes(),
|
136 | dt.getUTCSeconds(),
|
137 | dt.getUTCMilliseconds());
|
138 | }
|
139 |
|
140 | function escape(val, stringifyObjects, timeZone) {
|
141 | if (val === void 0 || val === null) {
|
142 | return 'NULL';
|
143 | }
|
144 |
|
145 | switch (typeof val) {
|
146 | case 'boolean':
|
147 | return (val) ? 'true' : 'false';
|
148 | case 'number':
|
149 | return `${ val }`;
|
150 | case 'object':
|
151 | break;
|
152 | default:
|
153 | return escapeString(val);
|
154 | }
|
155 | if (isSqlFragment(val)) {
|
156 | return val.content;
|
157 | }
|
158 | if (isSqlId(val)) {
|
159 | return escapeId(val.content);
|
160 | }
|
161 | if (val instanceof Date) {
|
162 | return dateToString(val, timeZone || 'local');
|
163 | }
|
164 | if (isBuffer(val)) {
|
165 | return bufferToString(val);
|
166 | }
|
167 | if (isSeries(val)) {
|
168 | return escapeSeries(val, (element) => escape(element, true, timeZone), true);
|
169 | }
|
170 | if (stringifyObjects) {
|
171 | return escapeString(val.toString());
|
172 | }
|
173 |
|
174 | return objectToValues(val, timeZone);
|
175 | }
|
176 |
|
177 | function objectToValues(obj, timeZone) {
|
178 | let sql = '';
|
179 |
|
180 | for (const key in obj) {
|
181 | const val = obj[key];
|
182 |
|
183 | if (typeof val === 'function') {
|
184 | continue;
|
185 | }
|
186 |
|
187 | sql += `${ (sql.length === 0 ? '' : ', ') + escapeId(key) } = ${ escape(val, true, timeZone) }`;
|
188 | }
|
189 |
|
190 | return sql;
|
191 | }
|
192 |
|
193 | return escape;
|
194 | }
|
195 |
|
196 | module.exports = Object.freeze({
|
197 | CHARS_GLOBAL_REGEXP,
|
198 | escapeSeries,
|
199 | isSeries,
|
200 | isSqlFragment,
|
201 | makeEscaper,
|
202 | });
|